﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.Security;
using System.Data.SqlClient;
using System.Data;

public partial class Main_Administration_AddUser : System.Web.UI.Page
{
    /*page defaults*/
    OfficeOnlineUser currentUser;

    private void AuthenticateUser()
    {
        try
        {
            currentUser = (OfficeOnlineUser)Session["CurrentUser"];
        }
        catch (Exception ex)
        {
            //Response.Redirect("../login.aspx?urlReferrer=" + Request.Url);
        }

        if (currentUser == null)
        {
            //Response.Redirect("../login.aspx?urlReferrer=" + Request.Url);
        }
    }
    /*end page defaults*/


    protected void Page_Load(object sender, EventArgs e)
    {
        AuthenticateUser();

        if (Request.QueryString["createuser"] == "1")
        {
            try
            {
                int status = InsertUserInfoToDatabase();
                switch (status)
                {
                    case 1:
                        form1.InnerHtml = "<response>" + "Success" + "</response>";
                        break;
                    case 2:
                        form1.InnerHtml = "<response>" + "User Name Already Exists" + "</response>";
                        break;
                    case 3:
                        form1.InnerHtml = "<response>" + "Email Address is Already in Use" + "</response>";
                        break;
                    case 5:
                        form1.InnerHtml = "<response>" + "User Name Already Exists<br/>Email Address is Already in Use" + "</response>";
                        break;
                    default:
                        form1.InnerHtml = "<response>" + "There was an unknown problem in adding the user, please contact the system admin." + "</response>";
                        break;

                }
            }
            catch (Exception ex)
            {
                form1.InnerHtml = "<response>" + "There was an unknown problem in adding the user, please contact the system admin." + "</response>";
            }
        }
        else
        {
            for (int i = 0; i < OfficeOnlineUser.UserTypes.Length; i++ )
            {
                if (i + 1 > currentUser.UserType)
                {
                    break;
                }

                ListItem li = new ListItem(OfficeOnlineUser.UserTypes[i],(i+1).ToString());
                ddlType.Items.Add(li);
            }
        }
    }

    private int InsertUserInfoToDatabase()
    {
        string username = Request.QueryString["username"];
        string password = Request.QueryString["password"];
        string useremail = Request.QueryString["email"];
        string secretquestion = Request.QueryString["secretquestion"];
        string secretanswer = Request.QueryString["secretanswer"];
        string userRealName = Request.QueryString["name"];
        string address = Request.QueryString["address"];
        int age = Convert.ToInt16(Request.QueryString["age"]);
        string contactno = Request.QueryString["contactno"];
        int userType = Convert.ToInt16(Request.QueryString["usertype"]);
        string department = Request.QueryString["department"];

        
        string command = "sp_tb_user_InsertUser";
        SqlConnection sqlCon = new SqlConnection(DatabaseFunctions.GetConnectionString());
        SqlCommand sqlCmd = new SqlCommand(command, sqlCon);
        sqlCon.Open();
        sqlCmd.CommandType = System.Data.CommandType.StoredProcedure;

        sqlCmd.Parameters.Add(new SqlParameter("@userName", SqlDbType.NVarChar, 255, ""));
        sqlCmd.Parameters.Add(new SqlParameter("@password", SqlDbType.NVarChar, 32, ""));
        sqlCmd.Parameters.Add(new SqlParameter("@userType", SqlDbType.Int, 32, ""));
        sqlCmd.Parameters.Add(new SqlParameter("@userEmailAddress", SqlDbType.NVarChar, 255, ""));
        sqlCmd.Parameters.Add(new SqlParameter("@secretQuestion", SqlDbType.NVarChar, 255, ""));
        sqlCmd.Parameters.Add(new SqlParameter("@secretAnswer", SqlDbType.NVarChar, 255, ""));
        sqlCmd.Parameters.Add(new SqlParameter("@userRealName", SqlDbType.NVarChar, 255, ""));
        sqlCmd.Parameters.Add(new SqlParameter("@userAddress", SqlDbType.NVarChar, 255, ""));
        sqlCmd.Parameters.Add(new SqlParameter("@userContactNo", SqlDbType.NVarChar, 255, ""));
        sqlCmd.Parameters.Add(new SqlParameter("@department", SqlDbType.NVarChar, 255, ""));
        sqlCmd.Parameters.Add(new SqlParameter("@age", SqlDbType.Int, 32, ""));
        sqlCmd.Parameters.Add(new SqlParameter("@result", SqlDbType.Int, 32, ""));
        sqlCmd.Parameters["@result"].Direction = ParameterDirection.Output;
        
        sqlCmd.Parameters["@userName"].Value = username;
        sqlCmd.Parameters["@password"].Value = DatabaseFunctions.MD5Encode(password);
        sqlCmd.Parameters["@userType"].Value = userType;
        sqlCmd.Parameters["@userEmailAddress"].Value = useremail;
        sqlCmd.Parameters["@secretQuestion"].Value = secretquestion;
        sqlCmd.Parameters["@secretAnswer"].Value = secretanswer;
        sqlCmd.Parameters["@userRealName"].Value = userRealName;
        sqlCmd.Parameters["@userAddress"].Value = address;
        sqlCmd.Parameters["@userContactNo"].Value = contactno;
        sqlCmd.Parameters["@department"].Value = department;
        sqlCmd.Parameters["@age"].Value = age;
        sqlCmd.ExecuteNonQuery();

        int result = 0;

        try
        {
            result = Convert.ToInt16(sqlCmd.Parameters["@result"].Value);
        }
        catch (Exception ex)
        {
            result = 0;
        }

        sqlCon.Close();

        return result;  
    }
    
}

